Protect Your WordPress Directory from Public Browsing

Found a really good WordPress security tips a while ago:

Directories should not be left open for public browsing.

There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.

To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.

It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
2. just add this line in your .htaccess file in your root:
Options All -Indexes

Related Posts:


  1. thanks bro…

  2. good info…aku baru tau camna..nampak sangat aku malas membaca…muahahah

  3. sama la kita lan….:P

  4. May your blogs be safe. :)

  5. EXCELLENT advice. My other “favorite” security plug in for WordPress is Login LockDown from Bad Neighborhood!

  6. Yup, that’s a very important security plugin to prevent brute-force attacks.

  7. Good info!!! Thanks for sharing.

Leave a Comment

  • recently written